Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107647 EXPLOITDB text VERIFIED
Hotel Booking Portal 0.1 - Multiple SQL Injections / Cross-Site Scripting
by Yakir Wizman
CVE-2012-2569 EXPLOITDB python VERIFIED
Synametrics Technologies Xeams 4.4 Build 5720 - XSS
Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by loneferret
CVE-2012-2571 EXPLOITDB python VERIFIED
WinWebMail Server 3.8.1.6 - Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
by loneferret
CVE-2012-2575 EXPLOITDB python VERIFIED
NetWin SurgeMail 6.0a4 - Cross-Site Scripting via IFRAME SRC Attribute
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
by loneferret
CVE-2012-2578 EXPLOITDB python VERIFIED
SmarterMail 9.2 - Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
by loneferret
CVE-2012-2582 EXPLOITDB python VERIFIED
OTRS Help Desk <2.4.13, OTRS ITSM <3.0.15 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
by loneferret
CVE-2012-2585 EXPLOITDB python VERIFIED
ManageEngine ServiceDesk Plus 8.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by loneferret
CVE-2012-2586 EXPLOITDB python VERIFIED
Mailtraq 2.17.3.3150 - Multiple Cross-Site Scripting via Email Subject and Body
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by loneferret
CVE-2012-2588 EXPLOITDB python VERIFIED
MailEnable Enterprise 6.5 - Cross-Site Scripting via Email Headers or Body
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.
by loneferret
CVE-2012-2955 EXPLOITDB python VERIFIED
IBM Lotus Protector for Mail Security 2.1-2.8 XSS via Query String
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.
by muts
CVE-2012-2590 EXPLOITDB python VERIFIED
ESCON SupportPortal Professional Edition 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV="Set-Cookie" META element, or (4) an innerHTML attribute within an XML document.
by loneferret
CVE-2012-2591 EXPLOITDB python VERIFIED
EmailArchitect Email Server <10.0.0.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.
by loneferret
CVE-2012-2592 EXPLOITDB python VERIFIED
Axigen Mail Server 8.0.1 - Cross-Site Scripting via Email Body
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by loneferret
CVE-2012-2584 EXPLOITDB python VERIFIED
Alt-N MDaemon Free 12.5.4 - Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.
by loneferret
CVE-2012-2587 EXPLOITDB python VERIFIED
AfterLogic MailSuite Pro 6.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element.
by loneferret
CVE-2012-4177 EXPLOITDB ruby VERIFIED
Ubisoft Uplay PC < 2.0.4 - Remote Code Execution via -orbit_exe_path Argument
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
by Metasploit
CVE-2012-3951 EXPLOITDB ruby VERIFIED
Plixer Scrutinizer <= 9.0.1.19899 - Unauthenticated SQL Injection via Default MySQL Credentials
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
by Metasploit
CVE-2012-2572 EXPLOITDB python VERIFIED
ThreeWP Email Reflector <1.16 - XSS
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
by loneferret
CVE-2012-2579 EXPLOITDB python VERIFIED
WP SimpleMail 1.0.6 - Cross-Site Scripting via Email Fields
Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.
by loneferret
CVE-2012-2580 EXPLOITDB python VERIFIED
Postie < 1.5.15 - Cross-Site Scripting via Email From Field
Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.
by loneferret
CVE-2012-2583 EXPLOITDB python VERIFIED
Mini Mail Dashboard Widget <1.42 - XSS
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by loneferret
EIP-2026-113393 EXPLOITDB php
WespaJuris 3.0 - Multiple Vulnerabilities
by WhiteCollarGroup
CVE-2012-2573 EXPLOITDB python VERIFIED
T-dah WebMail 3.2.0-2.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by loneferret
CVE-2012-3952 EXPLOITDB text VERIFIED
phplist < 2.10.19 - Cross-Site Scripting via Unconfirmed Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
by High-Tech Bridge SA
CVE-2012-3953 EXPLOITDB text VERIFIED
phplist < 2.10.19 - Authenticated SQL Injection via Edit Attributes Delete Parameter
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
by High-Tech Bridge SA